DataMilk & GDPR
GDPR "applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system"
- ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- Clients: the representatives of the website that enters a business agreement with DataMillk
- Shoppers: these are the final users who utilize the platform provided by the clients
Information About Clients:
At DataMilk we keep data collection for Clients in the system at the minimum necessary:
- a corporate email that can be used to log in the system
- a name that is displayed on our dashboards
For these Clients, we don't collect any other sort of personal information such as IP Addresses, location, telephone number, etc.
At the moment, we also do not collect financial information such as credit card numbers or bank information.
In order to provide the services DataMilk stores a cookie to save information about authentication. However, these cookies are only used for the specific purpose of allowing the Client to be identified and navigate the page.
We don't share any information from Clients with any third-party provider.
Where is the Information Collected from Clients Stored and Who has Access to It?
The data collected is stored on the Google Cloud Platform and saved as tables to Google DataStore. The system requires authentication and only authorized personnel within the company with a business need can access this data. All backups which are also stored in this safe manner.
DataMilk uses Google Firebase for authentication. We also use services like Google Analytics and other marketing tracking tools.
Any Client may request to have their stored email information removed via this link.
Information About Shoppers:
In order to provide the services for which DataMilk is contracted, some information needs to be collected from Clients Shoppers. However, this data does not contain any private identifiers or personal information. Data collected includes:
- Coarse location: the minimum resolution we store is a city. E.g.: for a shopper in NYC or close to the city the only information we record is NYC
- The timestamps for the Shopper's activity within the Client's website
- Device type, operating system and network speed
- Referrer and UTM parameters
- The pages the shopper has visited
- The coordinates and HTML markups of the interactions of the Shoppers, e.g., the text of the buttons they clicked
- Other context from pages such as URLs, page titles interacted with
- Purchase value, currency and profit margin
- The user agent of the device used to navigate the Clients’ websites.
In particular, we do not collect, process or store:
- IP Address
- email address
- Payment information such as credit card numbers information on the browser that could be used for “browser fingerprinting” such as installed fonts or preferences
- Any value inputted in input fields.
In addition, because DataMilk does not utilize cookies or any other form of cross-site tracking to operate hence it is not possible to track Shopper activity across different websites. In fact, with the information that is collected DataMilk cannot even track the same Shopper across different devices.
Where is the Information Collected from Shoppers Stored and Who has Access to It?
The data collected from Shopper's activity is stored on the Google Cloud Platform on a component called BigQuery with access restrictions mechanisms. This data is used by two actors:
- Authorized personnel with a business need to inspect the data (e.g., get analytics info, process the data to train Artificial Intelligence models)
- Automated systems that process the data to device models that can be used to infer information about navigation. These systems are also running in the Google Cloud with mechanisms to restrict access. The data never leaves the Google Cloud for processing.